Cisco is a perennial leader in delivering state-of-the-art firewalls for the broadest possible variety of deployments. Cisco's Firepower Next Generation Firewalls provide an advanced firewall solution that marshals sophisticated hardware, cloud-based services, and machine learning to block, discover, and mitigate threats without manual intervention. Progent's Cisco-certified CCIE firewall experts can help your organization to plan and execute a smooth migration to Firepower firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX appliances and show you how to integrate Firepower firewalls with Cisco's security services to build and centrally control network ecosystems that span branch offices, data centers, private clouds and public clouds. Progent's firewall consultants can also help you to manage and debug legacy Cisco firewalls. Progent's certified cybersecurity consultants can help you with policy creation driven by leading best practices in order to establish a consistent cybersecurity posture that applies to all your networked endpoints at any location.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a major performance improvement compared to Cisco's popular ASA 5500-X security appliances and offer unified management and automation of modern security capabilities like application visibility, next-generation intrusion protection with risk prioritization, advanced malware protection, DDoS mitigation, and multi-node sandboxing. For more information about Cisco's Firepower line of Next Generation Firewalls (NGFWs), refer to Firepower Series firewalls integration services.
Cisco's ASA 5500-X Series and Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500, and PIX firewalls offer integrated firewall, IPsec VPN, and intrusion prevention system services in single-box packages, delivering a broad array of features to match the security and compliance requirements of companies ranging from small businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances allow network security staffs to defend their network perimeter and offer safe remote access while utilizing powerful management mechanisms built on Cisco's world-class firewall products.
Ciscoís ASA 5500 and PIX 500 firewall appliances have arrived at end-of-life status but remain commonly deployed in smaller organizations as well as in a few enterprise data centers. The ASA 5500-X Series Next-Generation Firewalls deliver significantly more value and have supplanted Cisco's ASA 5500 and PIX 500 lines of firewalls for new installations. Still, Cisco's legacy firewalls, if carefully maintained, can offer a high degree of protection by supplying a variety of features including stateful firewall, Virtual Private Network (VPN) connections, and IPS.
After Cisco's purchase of Sourcefire, the entire line of Cisco ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort technology, which is the market's most popular network intrusion protection system (IPS). Firepower services provide enhanced capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco-certified infrastructure engineers can help you to support and troubleshoot legacy ASA 5500 Series and PIX firewalls and can also help you to plan and implement an efficient upgrade to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also help you to plan, deploy, optimize, administer and troubleshoot new firewall ecosystems based on Cisco's current ASA 5500-X firewalls with Firepower Services. Progent can also help your organization to upgrade from your Cisco ASA 5500-X deployment to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X security appliances includes an enhanced replacement for each rack-mountable model in the older ASA 5500 series of devices. Each ASA 5500-X firewall targets the same environment as the associated earlier models, which offers most plenty of room for picking a firewall that aligns with their security needs and budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and support Cisco's advanced security services. All models in Cisco's ASA 5500-X product line provide dependable protection across any mix of physical, virtual, and cloud deployments.
For more information about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA security appliances, see Firepower integration and debugging expertise
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls accept software or physical modules that support Cisco's Firepower Services, which offer layered defense against sophisticated attacks. Firepower Services are powered by technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA security appliances include:
- Multi-layer defense against both familiar and new attacks
- Advanced Malware Protection that utilizes big data to discover and mitigate intrusions
- A Next-Generation Intrusion Prevention System that performs contextual analysis that covers users, infrastructure, apps, and content to discover attacks that use multiple vectors
- Fine-grained Application Visibility and Control that is aware of thousands of apps and can automatically activate standard and custom IPS policies based on the degree of risk
Firepower Services for Cisco ASA 5500-X firewalls offer advanced multi-layered protection
Smaller deployments of ASA firewalls can be efficiently administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool which is provided with all ASA 5500-X versions. ASDM provides a simple web console for configuring, administering, and troubleshooting ASA 5500-X firewalls and modules.
For multi-device and multi-site environments, ASA 5500-X firewalls with Firepower can be managed using Cisco's Firepower Management Center, implemented as one or several physical or virtual devices. Cisco's Firepower Management Center offers unified firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection. Due to ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center unifies event and policy control for Cisco Firepower firewalls
Firepower Management Center provides features unavailable with Cisco's on-box Adaptive Security Device Manager tool. Additional capabilities include greater context awareness, Advanced Malware Protection with remediation for user devices, a console that offers real-time infrastructure visualization, automated policy tuning based on impact assessment of threats, comprehensive IPS, custom app discovery for Application Visibility and Control, customized health notifications, improved reporting options, and APIs for host input and databases. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be handled using the on-box ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Family of Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) Firewalls build on engineering behind the PIX 500 Series Security Appliance, the Cisco IPS 4200 Series Intrusion Prevention System, and the VPN 3000 model concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) Firewall family to offer a platform that defends against the widest variety of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls provide application protection, network containment, and clean VPN connectivity throughout the entire product portfolio. This breadth of protection enables defense of any network area, including the most common threat conduits like remote sites, LAN-attached internal users, and remote connected Virtual Private Networks.
The expandable design of the ASA 5500 family permits you to add security services via security service modules and security service cards (SSCs). These user-installable enhancements give you the ability to add IPS and content protection services like blocking virus, spyware, and phishing assaults and performing file and URL filtering. In addition to enabling you to respond rapidly to the latest risk vectors, the extensible architecture of the Cisco ASA 5500 Series also protects your capital investment by increasing the life of your security appliances. The ASA 5500 family also leverages your investment in administrative team training by supporting the familiar set of PIX 500 security management tools and protocols such as the Cisco Adaptive Security Device Manager (ASDM) platform, secure command-line interface (CLI) access, syslog, and SNMP.
Cisco Adaptive Security Appliances 5500 Series firewalls deliver robust application protection via intelligent, application-aware inspection engines that examine network flows at Layers 4-7. The result is a safer network covering Web, voice, and mobile wireless services. To protect against application-layer attacks and to provide better policing of the programs and protocols used in their environments, Cisco's inspection engines incorporate broad application and protocol knowledge and rely on security enforcement solutions such as protocol anomaly detection and application and protocol state tracking. Also included are attack detection and mitigation techniques such as application/protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide control over IM and tunneling applications, allowing organizations to enforce usage policies and recover bandwidth for important business applications.
For more information about Progent's support services for Cisco's ASA 5500 firewalls, visit Cisco ASA 5500 firewalls configuration and debugging support.
Based upon a hardened, purpose-built operating system that offers rich security features, PIX firewalls offer a high level of protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security qualification. Cisco PIX firewall appliances provide protection for a broad range of VoIP and other multimedia conventions such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), RTSP, and MGCP, helping organizations to protect deployments of a wide range of current and next-generation Voice over IP and video applications.
Cisco PIX firewalls offer a variety of setup, tracking, and analysis options, giving businesses the flexibility to utilize the techniques that best match their needs. Management options include common, policy-based administration tools, integrated web-accessible administration, and support for remote-tracking protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager system provides a world-class Web-based management solution that greatly streamlines the deployment, ongoing configuration, and monitoring of a single PIX firewall appliance without the need of any extra utility beyond a standard Web browser and Java applet to be running on a manager's PC.
IT managers can also remotely configure, monitor, and analyze PIX firewall appliances using a CLI interface. Safe command-line interface (CLI) communication is available through a number of techniques such as SSHv2 Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. PIX security appliances also include robust automatic-update features, a set of revolutionary protected remote-management options that ensure security settings and software images are kept up to date.
For additional information about Progent's consulting services for PIX 500 security appliances, see Cisco PIX firewalls integration and debugging services.
Progent's Migration Consulting Support for Cisco Firewalls
Because Cisco has ceased offering the PIX 500 and ASA 5500 product lines, many businesses are concerned about relying on a critical infrastructure component that may no longer be supported. ASA 5500-X and Firepower Series firewalls have the advantage of being current products and also offer several functions and budgetary benefits in comparison to PIX devices. These benefits include significantly better throughput, optional SSL VPN support, and a modular architecture that protects your investment by enabling you to add new security features when and if you require them. Progent's CCIE-certified network engineers can assist your company to assess the strategic case for upgrading from PIX or ASA 5500 security appliances, create a migration plan that permits a quick and non-disruptive changeover, help you to set up new ASA 5500-x or Firepower Series appliances, and offer online, consulting, and technical support services.
Other Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco's Firepower Series, ASA 5500 Series, and PIX family firewalls incorporate an array of setup, monitoring, and troubleshooting features which give you the flexibility to set up these security appliances to align optimally with your business requirements. Progent's CCIE authorized network professionals can help you to build a cost-effective network infrastructure that includes Cisco security appliances and that offers world-class protection, fault tolerance, throughput, and recoverability. Progent's CISA and CISM-certified IS security experts can help your business to develop a security strategy that makes sense for your business and can configure your firewall to enforce your security policies. Progent's risk evaluation experts can assess the effectiveness of your current firewall solution and audit the security of your entire IS environment. Progentís Technical Response Center (TRC) can deliver emergency online troubleshooting for Cisco products and offer fast access to a Cisco network engineer.
To see additional details about Progent's professional support for Cisco technology, choose a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to contact Progent about engineering expertise for Cisco networking, phone 1-800-993-9400 or go to Contact Progent.